Hello,
I have configured a server policy and applied it to the 'outside' interface to limit connections, as shown below:
Class-map: TCP-incoming
Set connection policy: embryonic-conn-max 5000 per-client-max 2000 per-client-embryonic-max 50
current embryonic conns 1267, current conns 5547, drop 0
Class-map: UDP-incoming
Set connection policy: embryonic-conn-max 1000 per-client-max 2000 per-client-embryonic-max 50
current embryonic conns 0, current conns 35722, drop 80553
Class-map: Default-incoming
Set connection policy: embryonic-conn-max 500 per-client-max 1000 per-client-embryonic-max 50
current embryonic conns 0, current conns 1, drop 0
During today's check, there were some rate-limit drop logs:
Jan 13 10:38:51 192.168.168.168 %ASA-3-201011: Connection limit exceeded 5520/0 for input packet from 111.222.333.444/58916 to 555.666.777.888/3390 on interface outside
Jan 13 10:38:51 192.168.168.168 %ASA-3-201011: Connection limit exceeded 5520/0 for input packet from 111.222.333.444/58916 to 555.666.777.888/3390 on interface outside
However, I find it strange that it shows 5520/0, which I think should be something like 5520/2000. Right now it looks like it is unlimited. Is something wrong there?
My ASA version is currently 9.6(2).
Thanks for your advice and comments.